Disabling Firewall/iptables On CentOS 7??

Home » CentOS » Disabling Firewall/iptables On CentOS 7??
CentOS 3 Comments

I apologize if this has been asked and answered, but I googled and attempted things for several hours today without success.

I have a freshly installed CentOS 7 system that I’d like to disable the firewall and all iptables rules. Basically the equivalent of doing iptables -F

In a nutshell I’ve tried the following commands, in many different ways and orders, but when the system restarts it still seems to end up with some form of default rules. It even has a couple rules specifying
192.168.122.0 and I can’t figure out where it’s coming from.

#Disable Firewall systemctl stop firewalld systemctl disable firewalld rm ‘/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service’
rm ‘/etc/systemd/system/basic.target.wants/firewalld.service’
systemctl disable firewalld systemctl stop firewalld iptables –flush iptables –list iptables -L
yum install iptables-services service iptables save systemctl enable iptables service iptables save

Any help is appreciated.

Thanks James

3 thoughts on - Disabling Firewall/iptables On CentOS 7??

  • libvirtd? That network is the range it tends to use for routing private networking.

    Also, you should look into using ‘systemctl mask unitname’ to make it not run, rather than just deleting a symlink.


    Jonathan Billings

  • Data Wed, 22 Mar 2017 19:56:03 -0400
    James Pifer wrote:

    Iptables isn’t used by default, at least not directly. Easiest way to do dosable firewall is:
    # systemctl mask firewalld and restart the machine.

    192.168.122. subnet is something for libvirt and KVM. I have it completely disabled on my locals and VPSes without any problem.

    If You write specific rules in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables, with
    -F
    -X
    -P INPUT DROP
    at the beginning, any trace of 192.168.122 will be gone. Here’s mine ipv4 rules for my local machines:
    ————————
    *filter
    -F
    -X
    -P INPUT DROP
    -A INPUT -s 0/0 -m state –state RELATED,ESTABLISHED -j ACCEPT

    # localhost
    -A INPUT -i lo -j ACCEPT

    # ping
    -A INPUT -p icmp -j ACCEPT

    # ssh
    -A INPUT -s 192.168.234.0/24 -p tcp –dport 22 -j ACCEPT

    COMMIT
    ————————


    Łukasz Posadowski

  • Thanks for the help.

    Basically I was making it more complex than it needed to be. Disabling firewalld and removing the libvirt NIC did the job.

    Thanks James

LEAVE A COMMENT